Re: [Skunkworks] [kictanet] Cybercrime Bill 2016
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!). My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns. Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest' My initial thoughts. Tony On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
My thoughts: It's well thought out and inherits from a variety of other global benchmarks. Save for the legal interpretation, I think it's a good start. However, it is quite silent on emerging threats and trends such as; - Authority to use defensive measures over and above passive protection of your digital assets- Mitigation of a threat is limited to the threat itself as harming the I.S in itself isn't allowed in this provision. (Think Cyber Warfare) - Disclosure principles: - elicit disclosure of timely, and accurate information about risks and events that a reasonable investor would consider important to an investment decision. This isn't covered anywhere and currently such disclosures are treated with hostility as opposed to meaningful conversation. Otherwise, a way better informed bill as opposed to the "other one" -tyrus On Wed, Jul 13, 2016 at 2:16 PM, Tony White via Security < security@lists.my.co.ke> wrote:
I have read through the bill, and - although I am not a lawyer - it looks like it has been well thought out and makes sense (unlike *another* recent bill!).
My main concern, with this (or any other) bill, is where it may be open to abuse, intimidation, and/or corruption. I hope those with 'legal' minds may discover the specific areas which may be open to abuse, and where further clarification within the bill may address those concerns.
Specifically, related to those whose work involves the provision, and/or testing of the security of systems to guard against possible cybercrimes. I would like to see a section where specific exemption is allowed where permission by a person in authority over a computer system or telecommunications network is given to a specific person or organisation to conduct testing of a system's security - commonly referred to as 'penetration testing' or 'pentest'
My initial thoughts.
Tony
On 13/07/2016, Walubengo J via kictanet <kictanet@lists.kictanet.or.ke> wrote:
Listers, I know we have just come from an intensive 2week review of the ICT Policy.But PS Itemere says there is more work need on the Cybercrime Bill @http://www.mygov.go.ke/?p=11234
Plse send your views on the Cyber Crime Bill and spread the word. @ Mose- could u put this up on Jadili as well?@ Skunkworks - Someone forward to these hackers as well. I seem to have been kicked off their list at one point. walu.
-- Tony White
_______________________________________________ Security mailing list Security@lists.my.co.ke http://lists.my.co.ke/cgi-bin/mailman/listinfo/security
participants (2)
-
Tony White -
ty